aiight, I've tried banner grabbing over TCP port 80 by telnetting, but it seems like I get a BAD REQUEST no matter what command I use, which makes port 80 pretty useless...

now I'm searching through the net for information about the ports and some known exploits, but it seems like all the ports are pretty covered :/
I'm able to connect to all the ports through telnet, but I don't get any answer back no matter what command I enter :/

I'm searching atm through milw0rm for something that might be helpful.

Any other ideas that might be helpful??

Remember that I'm running Windows, so the programs mentioned earlier are not going to help me unless there is a Windows version.

thnx for all the answers so far!!

//D.H.

Edit: scanning the machines connected to the network (the owners machines) gave me the following result:

PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
4000/tcp open remoteanything

Edit 2: Port 4000 is used by a program called Remote-Anything. I downloaded the program and tried to connect to the remote PC. The thing is that with a trial version the only password you can use is "trial", and the default admin pass is a blank password bar. So I tried to connect to the PC, but I think it was my fucking crap shit Vista firewall that blocked the connection, or it was refused by the PC. I could not figure out the reason for this :/

If I'm going to install Linux, what version would you guys recommend for a Windows user? The most important thing is that it must have a graphical interface!
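The BAD REQUEST from port 80 in the first post means the server is speaking HTTP, not that it is ignoring you: it only identifies itself to a well-formed request. The following is an added example (not from this thread or its posters) that starts a local test server and sends a bare `help` line beside a proper HEAD request; the server name, port and requests are all constructed, and it only ever talks to 127.0.0.1.

```python
import http.server
import socket
import threading

# Constructed stand-in for the IIS host in the thread: a tiny local HTTP server
# whose Server header is what a banner grab tries to read.
class BannerHandler(http.server.BaseHTTPRequestHandler):
    server_version = "TestServer/1.0"   # constructed banner, not a real product

    def log_message(self, *args):       # keep the test server quiet
        pass

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD

def start_server():
    """Start the test server on a free localhost port; returns (server, port)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), BannerHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]

def raw_exchange(port, payload):
    """Send raw bytes exactly as typed into telnet; return everything sent back."""
    with socket.create_connection(("127.0.0.1", port), timeout=3) as s:
        s.sendall(payload)
        data = b""
        while chunk := s.recv(4096):    # HTTP/1.0 server closes after replying
            data += chunk
    return data

def server_banner(port):
    """A well-formed HEAD request is what makes the server identify itself."""
    reply = raw_exchange(port, b"HEAD / HTTP/1.0\r\nHost: localhost\r\n\r\n")
    head = reply.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *header_lines = head.split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (h.partition(":") for h in header_lines)}
    return status, headers.get("server", "")

if __name__ == "__main__":
    srv, port = start_server()
    # "help" is not an HTTP request line, so the server answers with a 400 error
    # body (Python's server omits the status line for such HTTP/0.9-style input).
    print(raw_exchange(port, b"help\r\n").decode("latin-1", "replace"))
    print(server_banner(port))           # ('HTTP/1.0 200 OK', 'TestServer/1.0 ...')
    srv.shutdown()
```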

RE: Network Security Testing


Posted on 31-03-09 21:24

NoPax wrote:
It is running IIS 6, so that's not really secure.

Really?

here you have an exploit
http://seclists.org/fulldisclosure/2005/Apr/0412.html

This is a prank, I think that the shell code was rm -fr /

and one at milw0rm
http://www.milw0rm.com/exploits/3965

And DoS sucks

Then you should check all the other services if that one doesn't work.

But I think Remote Anything will be a possibility to hack.
You can try to download a cracked version of it at torrentz.com
or some other sites.

Then write a program which will bruteforce it. But that could take a while to bruteforce =)

edit/
I would try to search for exploits for all the Microsoft services. They are normally always vulnerable.

Have a look into RPC port 135; if it's running SP2 it should be vulnerable.
Also, yeah, you can bruteforce RDP; there are some decent bruteforcers out there, but it's rather time-lengthy and resource-wasteful.

You may want to try DNS Dan Kaminsky Exploit, now since it's even included in msf3.

There are a few ports I haven't seen; have a look around, there might be some exploit for them, and don't forget milw0rm isn't the only security website.

So investigate the unknown port/s, and verify manually the port banners against the nmap result to ensure they aren't false positives.


RE: Network Security Testing

Yeah, in my opinion IIS is not very secure. Until now there have been major security holes in all versions of it.

I didn't say that Remote Anything is the only solution. But it would be my last solution if nothing else would work. Because with bruteforcing there would be a chance to get into the system. So why not try it.

RE: Network Security Testing

Then you should check all the other services if that one doesn't work.

But I think Remote Anything will be a possibility to hack.
You can try to download a cracked version of it at torrentz.com
or some other sites.

Then write a program which will bruteforce it. But that could take a while to bruteforce =)

edit/
I would try to search for exploits for all the Microsoft services. They are normally always vulnerable.

Have a look into RPC port 135; if it's running SP2 it should be vulnerable.
Also, yeah, you can bruteforce RDP.
You may want to try DNS Dan Kaminsky Exploit, now since it's even included in msf3.

There are a few ports I haven't seen; have a look around, there might be some exploit for them, and don't forget milw0rm isn't the only security website.

thnx for the posts guys.
This thing is a lot harder than it seems. I've been googling for some time now, trying to find exploits/vulnerabilities for IIS 6 and the open ports, but it seems like I don't have that much luck :/

Here is some additional info. Since I'm pretty new at this kind of stuff, I wanted to ask what all those services are. You don't need to explain what TCP and UDP are, but what about the rest? ICMP is the one blocking my commands, right? I have ICMP activated at home, which is (if I remember correctly) the service that blocks commands like ping etc. coming through the internet to my PC... am I right or...?

What about GRE, IGMP and the unknown one??!? I can google the services and check them out, but I'd like to know if there is something that I could use against the server using those services ;D

//D.H.

Edit: IGMP seems like a vulnerable service. There are some listed attack types against it, like DoS etc. Does anyone of you guys have any experience dealing with this service maybe?

Edit2: What irritates me the most is that I can telnet to any port I want and get an established connection, but whatever command I use does not give any response (except for port 80, listed below). I keep using help, head, etc. and pressing enter, and well... nothing happens :S
This means that the server does not understand the commands I'm giving right? or am I missing something here?